A Mathematician Hacked Into Google Because He Thought It Was Part Of A Job Interview

Zachary Harris didn't think he was cut out for the job, but when
Google emailed him an offer he figured he'd give it a whack
anyway.

Or a hack, rather.

Kim Zetter of Wired reports
that a strange email hit Harris's inbox asking if he was
interested in a job with Google. “You obviously have a
passion for Linux and programming,” the e-mail from the Google
recruiter read. “I wanted to see if you are open to
confidentially exploring opportunities with Google?”

So he wondered if the e-mail might have been spoofed –
something sent from a scammer to appear to come from the search
giant. But when Harris examined the e-mail’s header information,
it all seemed legitimate.

The first thing Harris noticed, though, was that the
cryptographic key meant to verify the email wasn't using
encryption up to standards.

[Google] wasn’t using a standard 1,024-bit key, which is
the digital equivalent of a kryptonite U-lock for your bike. It
was using a 512-bit key, which is like buying your bike lock for
$10 at Walmart.

Still thinking it was part of a test, Harris cracked the
key. Then he sent an email to Google CEO Larry Page, pretending to be Sergey Brin, Google's cofounder.

I think we should look into whether Google could get involved
with this guy in some way. What do you think?

-Sergey

Then he made sure the site, his own, led back to his personal
email.

But the really mindblowing part is when his personal site was
bombed with traffic from Google. Instead of an invite to a real
job interview, Google quietly changed their cryptographic key to
2048 bits.

That's when he knew it was no joke. Google had really sent him an
email with an astoundingly sub standard encryption.

“I love factoring numbers,” Harris told Wired. “So I
thought this was fun. I really wanted to solve their puzzle and
prove I could do it.”